In Nightfall’s Trends in Cloud Security Newsletter, we review the top stories and developments in cloud security. Some of this issue’s highlights include:
-
Tomorrow at 11 PT we're hosing a live webinar where we'll cover how to scan code repos leveraging machine learning. Also, join us this weekend at BsidesSF and next week at RSA!
-
Learn about some of last month's most shocking leaks, including a tempory gaffe by an Amazon employee.
-
Read Nightfall's post in ITProPortal about developing a security-first, cloud native mindset to derive best practices in the cloud.
Read these stories and other timely cloud security stories below.
|
|
|
Google Photos Leak Poses Enterprise Threats
|
A recent Google Photos data leak underscores the fact that any company is subject to technical issues, software glitches and employee mistakes. Some users were surprised to learn that despite proactively taking strong security measures across its product lines, Google slips up too.
|
[ READ MORE ]
|
|
|
US Education Non-Profit Leaks Data on Thousands of Students
|
A US education non-profit appears to have unwittingly leaked the personal information of thousands of students after leaving two online MongoDB databases exposed. The privacy snafu was discovered by noted researcher Bob Diachenko and affected the Institute of International Education (IIE), an organization set up to promote educational and cultural exchanges with other countries.
|
[ READ MORE ]
|
|
|
Prison inmates' sensitive data left exposed on leaky cloud bucket
|
Researchers at VPNMentor have uncovered a data leak that has exposed prescription records, mugshots, and other sensitive information related to an unknown number of inmates. On January 3, the researchers found that over 36,000 PDF files had been exposed on an unsecured Amazon Web Services S3 bucket (natch) used by JailCore, a cloud-based app used by several US states correctional facilities.
|
[ READ MORE ]
|
|
|
Strategies for Securing the Cloud |
|
Why Leaky Clouds Lead to Data Breaches
|
This past summer, we witnessed yet another massive data breach due to a misconfigured AWS cloud instance, and hundreds of thousands of Capital One's customers' Social Security and bank account numbers were exposed as a result. Smaller-scale data breaches like this occur frequently, and unfortunately, we're bound to see more of these breaches in the future even though they're easy to avoid. |
[ READ MORE ]
|
|
|
NSA Offers Advice on Securing Clouds
|
The National Security Agency issued an advisory with technical guidance for procuring and securing systems reliant on cloud service providers amid a push for the government to adopt the technology.
|
[ READ MORE ]
|
|
|
|